USN-735-1: GStreamer Base Plugins vulnerability

Ubuntu Security Notice USN-735-1

16th March, 2009

gst-plugins-base0.10 vulnerability

A security issue affects these releases of Ubuntu and its
derivatives:

Ubuntu 8.10

Software description

gst-plugins-base0.10

Details

It was discovered that the Base64 decoding functions in GStreamer BasePlugins did not properly handle large images in Vorbis file tags. If a userwere tricked into opening a specially crafted Vorbis file, an attackercould possibly execute arbitrary code with user privileges.

Update instructions

The problem can be corrected by updating your system to the following
package version: